CVE-2018-21232

low-risk
Published 2020-04-29

re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.

Do I need to act?

-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Re2C

Affected Vendors

Re2C

References (6)

http://www.openwall.com/lists/oss-security/2020/05/14/4
Exploit https://github.com/skvadrik/re2c/issues/219
Mailing List https://www.openwall.com/lists/oss-security/2020/04/27/2
http://www.openwall.com/lists/oss-security/2020/05/14/4
Exploit https://github.com/skvadrik/re2c/issues/219
Mailing List https://www.openwall.com/lists/oss-security/2020/04/27/2
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal